Decentralized lending platform Compound has been affected by a code bug in a latest governance proposal to replace its value feeds.
The code error has “quickly frozen” the Compound ETH (cETH) market, inflicting cETH transactions to revert, however Compound Labs acknowledged that regardless of the entrance finish not working, “funds are usually not instantly in danger.”
Compound Labs introduced on Aug. 31 that the code bug got here from Proposal 117: Compound Oracle Improve v3, which was carried out a few hours in the past to replace the oracle contracts on the Compound protocol to a brand new model that makes use of Uniswap V3 as a substitute of V2 for value feeds.
An hour in the past, Proposal 117 was executed, which up to date the value feed that Compound v2 makes use of.
This value feed, whereas audited by three auditors, contained an error that’s inflicting transactions for ETH suppliers and debtors to revert.https://t.co/a2DFk7h0ET
— Compound Labs (@compoundfinance) August 30, 2022
In response to the cETH market quickly freezing, Compound Labs mentioned it aimed to revert to the earlier value feed through Proposal 119: Oracle Replace. The brand new proposal was created lower than one hour after Proposal 117 had been executed, nevertheless it now must undergo seven-day governance course of earlier than taking impact.
In line with an update from Safety Options Architect Michael Lewellen of OpenZeppelin, the code bug got here from the “getUnderlyingPrice” perform, which didn’t replace the value of cETH tokens, which might return empty bytes and trigger the decision to be reverted.
Learn the next submit for particulars on a Compound incident we’re working to resolve for the cETH market. A repair is already underway and no funds are in danger right now. The remainder of the cToken markets on Compound V2 and all of V3 stay useful.https://t.co/CiSE3a99Wa
— OpenZeppelin (@OpenZeppelin) August 30, 2022
Lewellen additionally reaffirmed that no funds are in danger:
“The first concern proper now could be a brief denial of service for the cETH market which will probably be resolved by the brand new governance proposal. No funds are in danger right now. The remainder of the cToken markets on Compound V2 and all of V3 stay useful.”
Nonetheless, Lewellen added that “any customers that deposited ETH and obtained cETH for opening borrow positions have to be conscious that they could get immediately liquidated every time the repair proposal executes if by that point the value of ETH has dropped considerably.”
However the CEO of Compound Labs Robert Leshner additionally added that customers can nonetheless repay any debt and add collateral to keep away from liquidation.
Associated: What is a great contract safety audit? A newbie’s information
Compound Labs famous the code bug got here regardless of the oracle contract being audited from three separate sensible contract auditing firms, with OpenZeppelin and ChainSecurity among the many latest corporations to have audited Compound’s sensible contracts.
Proposal 117 itself didn’t seem like a controversial one, with all 696,665 votes from 245 completely different pockets addresses in favor of the value feed improve. Crypto funding agency Polychain Capital solid probably the most votes (306,146) in favor of the proposal.
In line with DeFi Llama, Compound is the third largest decentralized lending platform, with $2.67 billion complete worth locked (TVL). The information has not affected the Compound token, COMP, to this point which is at present priced at $48.27.